introduces generateRbacRestrictedView to generate restricted view + triggers

2022-09-19 20:43:14 +02:00
parent 2cae17a045
commit 44eb59c918
14 changed files with 230 additions and 315 deletions
--- a/src/main/resources/db/changelog/113-test-customer-rbac.sql
+++ b/src/main/resources/db/changelog/113-test-customer-rbac.sql
@@ -87,17 +87,12 @@ call generateRbacIdentityView('test_customer', $idName$
 -- ============================================================================
 --changeset test-customer-rbac-RESTRICTED-VIEW:1 endDelimiter:--//
 -- ----------------------------------------------------------------------------
-/*
-    Creates a view to the customer main table with row-level limitation
-    based on the 'view' permission of the current user or assumed roles.
- */
-set session session authorization default;
-drop view if exists test_customer_rv;
-create or replace view test_customer_rv as
-select target.*
-    from test_customer as target
-    where target.uuid in (select queryAccessibleObjectUuidsOfSubjectIds('view', 'test_customer', currentSubjectsUuids()));
-grant all privileges on test_customer_rv to restricted;
+call generateRbacRestrictedView('test_customer', 'target.prefix',
+    $updates$
+        reference = new.reference,
+        prefix = new.prefix,
+        adminUserName = new.adminUserName
+    $updates$);
 --//